Well, now, hold on there a minute, Ben.... There is something that has
been completely missed here. Everyone keeps harping on the "Security
holes big enough to drive a truck through" in BIND. Everyone keeps
talking about how fixing BIND would require a complete rewrite, and no
one wants to do that. Well, BIND *HAS* been completely rewritten. All of
the security holes that are being found/announced are for either 4.x or
8.2. No one has even mentioned BIND v9, which is a complete rewrite, and
was designed with security in mind this time around. I haven't dug too
deeply into it, but just the fact that it has ipv6 capabilities, IPSec
interop, NOCONNECT options, etc. etc. etc. tells me that someone out
there is not only listening, but also acting on the various problems.
None of the security holes that have been announced in the last 6+
months are in BIND 9. A poor history is something to consider when
choosing, sure. However, if a DNS server is properly configured, and if
the network has been properly secured, then there really isn't anything
to worry about. If we dismissed every service that has a history of
problems, then we would have nothing. Let's see... We have to get rid of
DHCP, NIS, NFS, etc., and we can't forget about the OS's. There goes
Linux, Solaris, AIX, HP-UX, OSF, yadda yadda yadda......
Kenny
Benjamin Scott wrote:
>
> On Thu, 22 Feb 2001, Peter Cavender wrote more on djbdns.
>
> As Jeff Smith says, it is all about choice. If you like djbdns, by all
> means, use it. Myself, I find the djbdns website and what it describes has
> too much inconsistency, misinformation, error, omission, disregard of
> standard, flaming, arrogance, incompatibility... well, you get the idea. You
> find BIND's poor security history unacceptable, which is not an unreasonable
> position to take. I don't think either of us are going to budge. Let's agree
> to disagree, and leave it at that, eh? :-)
>
> --
> Ben Scott <[EMAIL PROTECTED]>
> Net Technologies, Inc. <http://www.ntisys.com>
> Voice: (800)905-3049 x18 Fax: (978)499-7839
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
